In the latest in a series of HIPAA enforcement actions taken by states this year, Massachusetts Attorney General Maura Healey's office has signed a $75,000 consent judgment with McLean Hospital, a psychiatric facility, in connection with a breach that affected 1,500 individuals.
The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with APT10 or Cloud Hopper, a cyber espionage campaign, alleging they acted in association with a government agency.
Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.
For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports.
The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices.
A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report. The health insurer belated realized after a complaint from one practitioner that some psychologists work from home.
Federal regulators and medical device maker Medtronic have issued alerts about the lack of encryption on certain cardiac programming devices that could potentially allow inappropriate access to patient information.
Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity. Separately, Trend Micro says Twitter has blocked an account that was posting image memes designed to remotely control malware-infected PCs.
The battle against Russian disinformation is far from over. Two in-depth Senate reports have revealed that such campaigns continue despite efforts by social media companies to cleanse their platforms. Researchers say Facebook's Instagram may be the next battleground.
Democratic senators have introduced yet another version of data security legislation that would create a federal breach notification requirement. Meanwhile, the Center for Democracy & Technology has drafted a model for a broad national privacy bill.
In the aftermath of the Marriott breach, it's fair to characterize Gartner's Avivah Litan as mad as hell and not wanting the U.S. to take it anymore. Going into 2019, Litan has policy and technology recommendations for national cyber defense.